Journal: KIPS Transactions on Computer and Communication Systems (정보처리학회 논문지 컴퓨터 및 통신시스템), Korea Information Processing Society (한국정보처리학회)

Title (Korean): Opcode와 API의 빈도수와 상관계수를 활용한 Cerber형 랜섬웨어 탐지모델에 관한 연구
Title (English): A Study on the Cerber-Type Ransomware Detection Model Using Opcode and API Frequency and Correlation Coefficient
Authors: Hyungdong Lee (이형동), Joonhee Yoon (윤준희), Doeggyu Lee (이덕규), Yongtae Shin (신용태), Gye-Hyeok Lee (이계혁), Min-Chae Hwang (황민채), Dong-Yeop Hyun (현동엽), Young-In Ku (구영인), Dong-Young Yoo (유동영)
Citation: Vol. 11, No. 10, pp. 363-372 (Oct. 2022)
Abstract
Since the COVID-19 pandemic, the spread of remote work has been accompanied by a worsening ransomware pandemic. Anti-virus vendors are working to counter ransomware, but conventional static analysis based on file signatures can be defeated by diverse packers, obfuscation, and variant or newly emerging ransomware families. Many detection studies exist, and the two dominant approaches are signature-based static analysis and behavior-based dynamic analysis. Rather than feeding a single kind of analysis into a detection model, this paper extracts the frequency of the opcodes in the ".text" section and of the Native APIs a sample actually uses, then analyzes the relationships among the selected features using the K-means clustering algorithm, cosine similarity, and the Pearson correlation coefficient. An experiment that classifies Cerber-type ransomware against worms, another malware type, confirms that the selected features are specific to detecting that particular ransomware family (Cerber). Combining the finally selected features and applying them to machine learning, the model reached a detection accuracy of 93.3% after hyperparameter optimization.
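The pipeline the abstract describes (relative opcode and API frequencies per sample, cosine similarity between samples, Pearson correlation between features to spot redundant ones, and K-means over the samples) is sketched below as an added example. It is not the authors' code: the per-sample counts are constructed, the opcode and Native API names are assumed for illustration, and since the page does not say in what order the paper combines the three measures, the ordering here is one reasonable reading. It uses only the Python standard library.

```python
"""Opcode/API frequency features: cosine similarity, Pearson correlation and
K-means over constructed samples. Added illustration, not the paper's code."""
from math import sqrt

# Constructed per-sample counts: (opcode counts from .text, Native API counts).
# The numbers are invented to illustrate the pipeline; they are not measurements.
SAMPLES = {
    "cerber_1": ({"mov": 400, "push": 300, "call": 250, "xor": 120, "cmp": 90, "jmp": 80},
                 {"NtCreateFile": 40, "NtWriteFile": 60, "NtQueryInformationFile": 30,
                  "NtOpenProcess": 2, "NtCreateThreadEx": 1}),
    "cerber_2": ({"mov": 420, "push": 310, "call": 240, "xor": 130, "cmp": 85, "jmp": 75},
                 {"NtCreateFile": 45, "NtWriteFile": 70, "NtQueryInformationFile": 35,
                  "NtOpenProcess": 1, "NtCreateThreadEx": 2}),
    "cerber_3": ({"mov": 380, "push": 290, "call": 260, "xor": 110, "cmp": 95, "jmp": 90},
                 {"NtCreateFile": 38, "NtWriteFile": 55, "NtQueryInformationFile": 28,
                  "NtOpenProcess": 3, "NtCreateThreadEx": 1}),
    "worm_1": ({"mov": 350, "push": 280, "call": 200, "xor": 20, "cmp": 100, "jmp": 120},
               {"NtCreateFile": 5, "NtWriteFile": 4, "NtQueryInformationFile": 3,
                "NtOpenProcess": 40, "NtCreateThreadEx": 30}),
    "worm_2": ({"mov": 360, "push": 270, "call": 210, "xor": 25, "cmp": 110, "jmp": 130},
               {"NtCreateFile": 6, "NtWriteFile": 5, "NtQueryInformationFile": 2,
                "NtOpenProcess": 45, "NtCreateThreadEx": 35}),
    "worm_3": ({"mov": 340, "push": 290, "call": 190, "xor": 15, "cmp": 95, "jmp": 115},
               {"NtCreateFile": 4, "NtWriteFile": 3, "NtQueryInformationFile": 4,
                "NtOpenProcess": 38, "NtCreateThreadEx": 28}),
}


def normalise(counts):
    """Relative frequency within a group, so binary size does not dominate the vector."""
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()} if total else {}


def feature_names():
    names = set()
    for ops, apis in SAMPLES.values():
        names.update(ops)
        names.update(apis)
    return sorted(names)


def vectorise(sample):
    """Fixed-order feature vector: normalised opcode freqs followed by API freqs."""
    ops, apis = sample
    rel = {**normalise(ops), **normalise(apis)}
    return [rel.get(name, 0.0) for name in feature_names()]


def cosine(u, v):
    """Cosine similarity between two sample vectors (1.0 = same direction)."""
    dot = sum(a * b for a, b in zip(u, v))
    nu, nv = sqrt(sum(a * a for a in u)), sqrt(sum(b * b for b in v))
    return dot / (nu * nv) if nu and nv else 0.0


def pearson(xs, ys):
    """Pearson r between two feature columns measured across samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    # A feature that is constant across samples carries no information;
    # report 0 instead of dividing by zero.
    return sxy / sqrt(sxx * syy) if sxx and syy else 0.0


def redundant_features(threshold=0.9):
    """Feature pairs whose frequencies move together across samples (|r| >= threshold).
    Keeping only one of each pair shrinks the feature set the classifier has to learn."""
    names = feature_names()
    cols = list(zip(*[vectorise(s) for s in SAMPLES.values()]))
    pairs = []
    for i in range(len(names)):
        for j in range(i + 1, len(names)):
            r = pearson(cols[i], cols[j])
            if abs(r) >= threshold:
                pairs.append((names[i], names[j], round(r, 3)))
    return pairs


def kmeans(rows, k=2, iters=50):
    """Lloyd's K-means with deterministic farthest-point initialisation."""
    def dist(a, b):
        return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

    centroids = [rows[0]]
    while len(centroids) < k:  # next seed is the row farthest from all chosen seeds
        centroids.append(max(rows, key=lambda r: min(dist(r, c) for c in centroids)))
    labels = [0] * len(rows)
    for _ in range(iters):
        new_labels = [min(range(k), key=lambda i: dist(r, centroids[i])) for r in rows]
        if new_labels == labels:
            break
        labels = new_labels
        for i in range(k):
            members = [r for r, lab in zip(rows, labels) if lab == i]
            if members:
                centroids[i] = [sum(col) / len(members) for col in zip(*members)]
    return labels


def cluster_samples(k=2):
    """Map each sample name to its K-means cluster id."""
    names = list(SAMPLES)
    return dict(zip(names, kmeans([vectorise(SAMPLES[n]) for n in names], k)))


if __name__ == "__main__":
    for a, b, r in redundant_features():
        print(f"{a:24s} ~ {b:24s} r={r}")
    print(cluster_samples())
```

Run as a script, it lists the feature pairs that are redundant on these samples (for instance the file-creation and file-write API frequencies, which rise and fall together) and shows the Cerber and worm samples landing in separate clusters. The caveat the abstract itself raises applies to the input: opcode counts are only meaningful if they come from the real ".text" section of an unpacked binary, since a packer replaces the visible code with a stub and the frequency profile of the stub, not of the malware, is what gets counted.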
Keywords: Russia-Ukraine War, Cyberattack, Countermeasures, IT Army, Hacktivists, Ransomware, Cerber, Opcode, API, Malware, Machine Learning, Detection